Privacy Policy

PRIVACY POLICY

Personal Data Protection Policy (“Policy”)

  1. General

In view of the implementation of the Personal Data Protection Act 2010 (“Act”), Nano G Central Sdn Bhd (“Nano G”) recognise the need to process all personal data obtained in a lawful and appropriate manner. Nano G is committed to protecting the personal data supplied by a data subject to ensure compliance with the legal and regulatory requirements in accordance with the Act. This Policy covers the processing of all personal data and sensitive personal data which use is controlled by Nano G.

As a principle, collection, use, or disclosure of the personal data is prohibited for any purpose unless otherwise with the approval of the head of the relevant business units and the compliance officer.

  1. Policy Status
  1. This Policy is applicable to all employees of Nano G. For the purposes of this Policy, the term “employees” herein refers to all members of Nano G, including sales representatives and members of Nano G. Failure to comply with this Policy may result in disciplinary action.
  2. Any query regarding this Policy may be directed to the compliance officers of Nano G at admin@nanog.com.my
  3. In the event of any discrepancy, contradiction, and/or differences between any part of this Policy and that of any current policies adopted by Nano G, by the portion of the relevant policy which imposes a higher standard of data protection shall apply and supersede the other.
  1. Roles and Responsibilities
  1. The legal responsibility for compliance with the Act lies with Nano G who is the “data user” under the Act and is registered as such with the Personal Data Protection Commission. Notwithstanding, compliance with this Policy and the Act is the responsibility of all employees of Nano G.
  1. Data Collected & Purposes
  1. During the course of Nano G’s business and activities, Nano G may be required to process information of a data subject, including but not limited to the name of the individual, address, phone number and email address. Such information includes information which may identify an individual when in combination with other information, even if such information cannot identify such individual on its own. All these information may also be collected online or offline.
  2. The personal data collected by Nano G may be used amongst other things for the following purpose:
  1. Providing customer care and enhancing customer satisfaction, including but not limited to, resolving complaints, dealing with and/or responding to requests and enquiries, warranty, returns and other after sales services;
  2. Promoting, advertising and enhancing our products and services;
  • Human resources, employment and recruitment purposes;
  1. Training of staff;
  2. Storing and processing of personal data relating to the clients of Nano G in the data storage systems;
  3. Updating and managing the accuracy of the Nano G’s internal record, including but not limited to administration, processing and matching any personal data held which relates to you for any of the purposes listed herein;
  • Billing, taxation and/or auditing purposes;
  • Information and security purposes, including but not limited to managing and administrating e-mail, handling and investigating any security related issues, vulnerability, and/or incidents;
  1. Facilitating business transactions (which may extend to any merges, acquisitions or assets sales) invoicing any of the related corporations or affiliates of Nano G;
  2. Legal purposes (including but not limited to obtaining legal advice and dispute resolution);
  3. Disclosing personal data to the government authorities and/or authorised third party as required by law and/or within the responsibility of Nano G; and
  • As reasonably contemplated by the nature of any transaction.
  1. Data Processing
  1. As and when Nano G is required to collect personal data, Nano G and its employees must abide by the requirements of this Policy and the Act. In the context of the Act, “processing” is defined to include collecting, recording, holding or storing personal data which includes inter alia NRIC numbers, home address, contact details, etc.
  2. Nano G will be responsible for ensuring that any personal data processed in relation to the Nano G’s clients and/or another individual is accurate, complete, not misleading and kept up-to-date. The personal data will be reviewed periodically to ensure that they are up-to-date and to determine whether retention of such personal data is necessary.
  1. Consent of Individual
  1. Nano G may only process personal data with the consent of the data subject whom the personal data concerns and/or if the processing of the personal data is for the performance of a contract by Nano G to which the data subject is a party.
  1. Disclosure of Information
  1. Nano G requires all employees to be vigilant and exercise reasonable caution when asked to provide any personal data to a third party. In particular, Nano G must ensure that personal data is not disclosed either orally or in writing to any unauthorised employee without express prior consent of the compliance officer and/or authorised individual (as the case), and/or if disclosure is not for any of the purposes stipulated in Paragraph 6.
  2. However, as and when it is reasonably required, the personal data in the possession of Nano G may only be disclosed to the following third parties:
  1. Authorised agents, contractors and third party service providers who provide services to Nano G for any of the purposes contemplated at Paragraph 6;
  2. External professional advisors and auditors; and/or
  • Governmental departments and authorities.
  1. Personal data will not be transferred outside Nano G to a country outside of Malaysia unless consent from the data subject is obtained.
  1. Data Security
  1. Nano G will ensure that any personal data which is collected, stored and processed, is stored securely and the practical steps are adopted to ensure the following:
  1. Source documents are well kept in accordance with applicable laws;
  2. Paper-based records must not be left where unauthorised employees can gain access to them and must be kept in accordance with applicable laws;
  • Computerised personal data is protected by passwords; and
  1. Individual passwords are kept confidential and not disclosed or shared with other employees to enable login under any other employee’s personal username and password.
  1. When physical files or any forms relating to the data subject are no longer required, they will be shredded or bagged and destroyed securely, and the hard drives consisting of those records will be erased off via secure electronic deletion pursuant to such standard procedure by the administration department.
  2. Any employee of Nano G must not process any personal data belonging to any data subject, whether in softcopy or hardcopy, outside of the premises of Nano G unless prior approval is provided by the compliance officer or any authorised person.
  1. Data Retention
  1. Personal data obtained should not be kept longer than it is required for its purposes. Nano G has an obligation to ensure that the personal data of the data subject are destroyed and/or permanently deleted after a specified period of time. All employees are required to contact the compliance officer and/or any authorised officer should the need to dispose of any personal data arises.
  2. Personal and sensitive data will be disposed of by means as listed in Paragraph 14. Appropriate measures will and must be taken by Nano G to ensure the personal data destroyed are not reconstructed or processed by any third party.
  1. Rights of Data Subject
  1. A data subject has the following rights under the Act:
  1. Request for access to personal data held on the individual, the purpose for which the personal data is being used and those to whom it has, or can be disclosed to;
  2. Prevent data processing that is likely to cause distress or damage;
  • Take reasonable action to stop the use of, rectify, erase, and/or dispose of inaccurate personal data; and
  1. Limit the processing of their personal data and/or withdraw their consent given to Nano G.
  1. Any individual who intends to exercise the abovementioned rights shall make a written request to Nano G together with the prescribed fee as applicable. For purposes of I, II, and III under paragraph 18, Nano G shall, subject to any exceptions provided under law, comply with the request not later than 21 days from the date of receipt of such request. For purposes of IV under paragraph 18, Nano G shall, upon receiving such request, cease the processing of such personal data as soon as practicable.